package com.ctcemti.mdm.framework.shiro;


import com.ctcemti.mdm.common.util.JWTUtil;
import com.ctcemti.mdm.project.sys.dao.OrgPersonMapper;
import com.ctcemti.mdm.project.sys.dao.SysMenuMapper;
import com.ctcemti.mdm.project.sys.entity.OrgPerson;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.web.subject.WebSubject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;

/* *
 * @Author bxf
 * @Description 自定义shiro
 * @Date 13:42 2019/8/11
 * @param null
 * @return
 */
@Component
public class MyRealm extends AuthorizingRealm {

    @Autowired
    private SysMenuMapper sysMenuMapper;
    @Autowired
    private OrgPersonMapper orgPersonMapper;
    @Override
    public boolean supports(AuthenticationToken token) {
        return token instanceof JWTToken;
    }

    /**
     * 只有当需要检测用户权限的时候才会调用此方法，例如checkRole,checkPermission之类的
     */

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
    	ServletRequest request = ((WebSubject)SecurityUtils.getSubject()).getServletRequest(); 
    	System.err.println(principalCollection.getPrimaryPrincipal().toString()+"========"+((HttpServletRequest) request).getHeader("Authorization"));
        System.out.println("进入myrealm的doGetAuthorizationInfo方法");
        String token = ((HttpServletRequest) request).getHeader("Authorization");
        String feignFlag = ((HttpServletRequest) request).getHeader("feignFlag");//标记为远程访问
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // 管理员拥有所有权限
        String loginName = JWTUtil.getLoginName(token);
        if ("Administrator".equals(loginName)){
            info.addRole("admin");
            info.addStringPermission("*:*:*");
        }else{
            //结构授权
            info.addRole("admin");
            info.addStringPermissions(sysMenuMapper.selectPermissionsFromRole(JWTUtil.getLoginId(token)));
        }
        return info;
    }

    /**
     * 默认使用此方法进行用户名正确与否验证，错误抛出异常即可。
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken){
        String token = (String) authenticationToken.getCredentials();
        String userName = JWTUtil.getLoginName(token);
        OrgPerson orgPerson = new OrgPerson();
        orgPerson.setLoginName(userName);
        if(orgPersonMapper.select(orgPerson).size()<1){
            throw new AuthenticationException("没有用户");
        }
        try {
            JWTUtil.verify(token);
        } catch (Exception e) {
            throw new AuthenticationException(e.getMessage());
        }
        return new SimpleAuthenticationInfo(token, token, "my_realm");
    }
}
